How to Disable SSH Root Login in Linux?

SSH (Secure Shell) is a critical protocol used to remotely access and manage Linux servers securely. While SSH provides encrypted communication between clients and servers, allowing root login via SSH creates significant security vulnerabilities. The root user has complete system control, making unauthorized root access extremely dangerous for system integrity.

This guide demonstrates how to disable SSH root login in Linux systems, reducing attack vectors and implementing security best practices for server administration.

Security Risks of SSH Root Login

Enabling root login via SSH exposes your system to several critical security threats:

• Brute Force Attacks Attackers commonly target the root account with automated login attempts

• Complete System Compromise Root access grants unlimited privileges to modify, delete, or install anything

• No Audit Trail Direct root login bypasses user accountability mechanisms

• Privilege Escalation Bypass Eliminates the security layer provided by sudo authentication

Preparing Your System

Check Current Root Login Status

First, verify if root login is currently enabled by examining the SSH configuration:

sudo grep PermitRootLogin /etc/ssh/sshd_config

If the output shows PermitRootLogin yes, root login is enabled and should be disabled. If it shows PermitRootLogin no or is commented out, root login may already be restricted.

Create Administrative User Account

Before disabling root login, create an alternative user account with sudo privileges:

sudo adduser username
sudo usermod -aG sudo username

Test the new account by logging in and verifying sudo access:

su - username
sudo whoami

Disabling SSH Root Login

Edit SSH Configuration

Open the SSH daemon configuration file with a text editor:

sudo nano /etc/ssh/sshd_config

Modify PermitRootLogin Setting

Locate the PermitRootLogin directive and change it to:

PermitRootLogin no

If the line is commented out (begins with #), uncomment it by removing the hash symbol. Save the file using Ctrl + O, then exit with Ctrl + X.

Restart SSH Service

Apply the configuration changes by restarting the SSH daemon:

sudo systemctl restart sshd

For older systems using SysV init:

sudo service ssh restart

Testing and Verification

Verify Root Login Restriction

Test the changes by attempting to SSH as root from another terminal or machine:

ssh root@your-server-ip

You should receive an authentication failure or "Permission denied" message, confirming that root login is successfully disabled.

Confirm Administrative Access

Verify that your regular user account can still perform administrative tasks:

ssh username@your-server-ip
sudo systemctl status sshd

Additional Security Measures

Conclusion

Disabling SSH root login is a fundamental security practice that significantly reduces your server's attack surface. By forcing the use of regular user accounts with sudo privileges, you implement proper access controls and maintain audit trails for administrative actions. This simple configuration change provides substantial protection against brute force attacks and unauthorized system access.